sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d145c95208b5129701a6a4125767fa0118083cf5
system76-coreboot/util/broadcom/secimage/crypto.c
Alex Thiessen 00a455c8a7 util/broadcom/secimage: Add OpenSSL 1.1 support 
The `secimage` utility uses OpenSSL to calculate HMAC, which it does in
a rather unorthodox way, using deprecated `HMAC_CTX_init` API and
repeated calling of `HMAC_Init_ex` without a clear reason. The former
causes build errors with OpenSSL 1.1 while the rest of the
`HmacSha256Hash` function is confusing and overly complex.

Make `HmacSha256Hash` use a single OpenSSL API call. Test passed:
resulting signed binary remains identical.

Change-Id: Ib23c0ad96f9d8cc30ad357de8c0b0ba967c7d724
Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com>
Reviewed-on: https://review.coreboot.org/23069
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2018-01-14 23:11:40 +00:00

69 lines
1.8 KiB
C
Raw Blame History

/*
* Copyright (C) 2015 Broadcom Corporation
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation version 2.
*
* This program is distributed "as is" WITHOUT ANY WARRANTY of any
* kind, whether express or implied; without even the implied warranty
* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include "secimage.h"
#include <openssl/hmac.h>
/*----------------------------------------------------------------------
* Name : HmacSha256Hash
* Purpose :
* Input : none
* Output : none
*---------------------------------------------------------------------*/
int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key)
{
unsigned int hash_len = 0;
if (!HMAC(EVP_sha256(), key, 32, data, len, hash, &hash_len)) {
printf("HMAC failed\n");
return -1;
} else if (hash_len != 32) {
printf("HMAC reported unexpected md_len of %u\n", hash_len);
return -2;
}
return 0;
}
/*----------------------------------------------------------------------
* Name : AppendHMACSignature
* Purpose : Appends HMAC signature at the end of the data
*---------------------------------------------------------------------*/
int AppendHMACSignature(uint8_t *data, uint32_t length, char *filename,
uint32_t offset)
{
uint8_t hmackey[32];
uint32_t len;
uint32_t status;
uint8_t *digest = data + length;
len = ReadBinaryFile(filename, hmackey, 32);
if (len != 32) {
printf("Error reading hmac key file\n");
return 0;
}
status = HmacSha256Hash(&data[offset], length - offset, digest,
hmackey);
if (status) {
printf("HMAC-SHA256 hash error\n");
return 0;
}
return 32;
}
Reference in New Issue View Git Blame Copy Permalink